From: Xueming Li Date: Sat, 9 Sep 2017 07:33:19 +0000 (+0800) Subject: mem: fix malloc element free in debug mode X-Git-Tag: spdx-start~1679 X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=41baec55a81467d7733217cd6f81a94e2916348c;p=dpdk.git mem: fix malloc element free in debug mode malloc_elem_free() is clearing(setting to 0) the trailer cookie when RTE_MALLOC_DEBUG is enabled. In case of joining free neighbor element, part of joined memory is not getting cleared due to missing the length of trailer cookie in the middle. This patch fixes calculation of free memory length to be cleared in malloc_elem_free() by including trailer cookie. Fixes: af75078fece3 ("first public release") Cc: stable@dpdk.org Signed-off-by: Xueming Li Acked-by: Sergio Gonzalez Monroy --- diff --git a/lib/librte_eal/common/malloc_elem.c b/lib/librte_eal/common/malloc_elem.c index 150769057b..889dffd217 100644 --- a/lib/librte_eal/common/malloc_elem.c +++ b/lib/librte_eal/common/malloc_elem.c @@ -275,14 +275,14 @@ malloc_elem_free(struct malloc_elem *elem) return -1; rte_spinlock_lock(&(elem->heap->lock)); - size_t sz = elem->size - sizeof(*elem); + size_t sz = elem->size - sizeof(*elem) - MALLOC_ELEM_TRAILER_LEN; uint8_t *ptr = (uint8_t *)&elem[1]; struct malloc_elem *next = RTE_PTR_ADD(elem, elem->size); if (next->state == ELEM_FREE){ /* remove from free list, join to this one */ elem_free_list_remove(next); join_elem(elem, next); - sz += sizeof(*elem); + sz += (sizeof(*elem) + MALLOC_ELEM_TRAILER_LEN); } /* check if previous element is free, if so join with it and return, @@ -291,8 +291,8 @@ malloc_elem_free(struct malloc_elem *elem) if (elem->prev != NULL && elem->prev->state == ELEM_FREE) { elem_free_list_remove(elem->prev); join_elem(elem->prev, elem); - sz += sizeof(*elem); - ptr -= sizeof(*elem); + sz += (sizeof(*elem) + MALLOC_ELEM_TRAILER_LEN); + ptr -= (sizeof(*elem) + MALLOC_ELEM_TRAILER_LEN); elem = elem->prev; } malloc_elem_free_list_insert(elem);